Degica Co, Ltd.

Senior Application Security Engineer

Degica Co, Ltd.

full-time

Posted on:

Location Type: Remote

Location: Japan

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

Cyber SecuritySDLC

About the role

  • Build the Application Security Program
  • Develop policies, procedures, and standards to safeguard our applications.
  • Conduct risk assessments and implement controls to mitigate security threats.
  • Help manage external pentesting required to meet regulatory compliance.
  • Integrate Security into the SDLC
  • Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
  • Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
  • Guide development teams in integrating security best practices.
  • Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.
  • Foster a Secure Code Culture
  • Promote application-security awareness and best practices across all teams.
  • Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
  • Provide training and resources to development teams to ensure secure coding practices.

Requirements

  • Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
  • Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks)
  • Strong understanding of security principles and practices.
  • Previous experience as a developer is highly desirable.
  • Familiarity with application security assessment tools.
  • Experience with end-to-end vulnerability management (e.g., SAST and DAST).
  • Technical knowledge to understand vulnerability risk and remediation steps.
  • DevSecOps experience, building security controls into CI/CD pipelines (GitHub actions, CircleCI, GitLab CI/CD).
  • Familiar with security hardening standards and implementation.
  • Nice to have
  • Working proficiency in Japanese is helpful but not necessary.
  • Willingness to learn new technologies and collaborate with distributed and multidisciplinary teams.
  • Experience with building custom security tooling is a plus.
  • Cyber Security related certifications.
Benefits
  • At KOMOJU, we embrace remote work while also offering office space for those who prefer in-person collaboration
  • 10 days regular vacation, additional 5 days summer and 5 days winter vacation
  • Paid birthday holiday
  • Budget for self-learning allowance, to ensure our employees’ skills remain current
  • Language training for Japanese
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
application securityrisk assessmentssecure software development life cycleDevSecOpsautomated security testingvulnerability managementSASTDASTsecure coding practicessecurity hardening standards
Soft Skills
collaborationcommunicationtrainingguidanceawareness promotionproblem-solvingteamworkleadershipadaptabilitywillingness to learn
Certifications
Cyber Security certifications